Experts Thwart $10 Million Theft from DeFi Protocols by Uncovering Critical Vulnerability

Security experts have thwarted a cryptocurrency theft attempt exceeding $10 million by identifying and fixing a critical vulnerability that impacted "thousands of smart contracts."

A researcher from Venn Network, known by the pseudonym Deeberiroz, revealed that the attack had been quietly threatening the ecosystem for several months. The vulnerability in ERC-1967 proxy contracts allowed an attacker to seize control of them before they were fully configured.

Venn Network’s co-founder, Or Dadosh, explained that the hacker embedded malicious code during the deployment of the contracts. This granted them covert and sustained access to manage the assets.

The vulnerability was discovered by Venn Network on July 8, which triggered a 36-hour rescue operation involving multiple teams, including Pcaversaccio, Dedaub, and Seal 911. They operated discreetly to avoid alerting the hacker, evaluating the affected contracts and ensuring the security of vulnerable funds.

Thanks to the operation’s stealth, several DeFi protocols managed to safeguard their assets before the attacker could withdraw them.

“We found that tens of millions of dollars were at risk. What’s alarming is that the damage could have escalated, affecting a significant portion of the funds locked within the protocols,” Dadosh stated.

One of the protocols impacted was Berachain. The team halted the operation of the vulnerable contract and transferred funds to a new one, assuring that user assets remained unaffected.

Venn Network researcher David Benchimol suggested that the attack could be linked to the North Korean hacking group Lazarus Group. He noted that the attack vector was highly sophisticated and had been applied across all EVM-compatible networks.

He also pointed out that the attacker seemed to be waiting for a larger target, indicating involvement from an organized group. Benchimol emphasized that there is no direct evidence linking the hackers to North Korea.

Additionally, it was noted that in June, vulnerabilities in Lazarus’s operational security were exposed at BitMEX.